Evaluating and Recommending Active Directory Configuration
- Not all domains can be contacted; Exchange Server 2007 setup needs to contact at least one domain controller from every domain to make the changes.
- Firewalls prevent some locations from communicating with each other directly.
For each command, you must consider the requirements in Table 1.1.
You must prepare every Active Directory domain that will host Exchange Server 2007
servers or Exchange-specific objects like mailboxes, distribution lists, contacts,
or public folders. You do not need to prepare the root domain, as this
was done in the “Preparing Your Active Directory” section.
Isolating Exchange Server 2007 from your Active Directory
To completely separate your Exchange Server 2007 installation from your Active Directory
implementation, you have the option to create an Exchange resource forest. A resource forest
is a completely different Active Directory environment created for the sole purpose of serving
Exchange Server 2007. For example, I’ve seen this strategy in hosting (or outsourcing)
environments where the company managed the user accounts but they outsourced their mailboxes
to a hosting company. To configure this, the following is required:
- The minimum forest functional level of both forests must be Windows Server 2003.
- A forest-to-forest trust needs to be established.
Designing an Administrative Model
It is important to consider a thoroughly planned administrative model for your organization
when you integrate Exchange Server 2007 into your Active Directory. Generally there are
three ways to organize your administrative roles:
- A single administrative team manages both Windows Server and Exchange Server.
- Permissions are split between Windows and Exchange administrators.
- The Exchange administrator role is isolated by using an Exchange resource forest.
TABLE 1.1 Exchange Server 2007 Setup—Domain Preparation Considerations

| Setup Command | Consideration |
| --- | --- |
| Setup /PrepareAllDomains | Requires Enterprise Admin permission, Domain Admin permission in all domains, and network access to every domain. |
| Setup /PrepareDomain:<FQDN of domain> | Requires Domain Admin permission in the domain that you want to prepare. If it is a domain that did not exist when you ran /PrepareAD, you also need to be a member of the Exchange Organization Administrators group. |
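
The considerations in Table 1.1 can be checked before running setup. The following pre-flight script is an added example, not from the book: it tests whether Enterprise Admins is in the current logon token and whether a domain controller can be located in every domain of the forest, then reports which setup command fits. It assumes a domain-joined machine, an elevated prompt, and PowerShell 2.0 or later; it does not verify Domain Admin rights in each domain.

```powershell
# Added example (not from the book). Run as the account that will run setup,
# on a domain-joined machine, from an elevated prompt.
$forest   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# Enterprise Admins has the well-known RID 519 in the forest root domain.
$rootSidBytes = $forest.RootDomain.GetDirectoryEntry().Properties['objectSid'].Value
$rootSid      = New-Object System.Security.Principal.SecurityIdentifier($rootSidBytes, 0)
$eaSid        = "$($rootSid.Value)-519"
$isEnterpriseAdmin = @($identity.Groups | Where-Object { $_.Value -eq $eaSid }).Count -gt 0

# Try to locate a domain controller in every domain of the forest.
# Locating a DC is a necessary check, not proof that every port setup needs is open.
$results = foreach ($domain in $forest.Domains) {
    $dc = $null; $err = $null
    try   { $dc = $domain.FindDomainController().Name }
    catch { $err = $_.Exception.Message }
    New-Object PSObject -Property @{
        Domain = $domain.Name; DomainController = $dc; Reachable = [bool]$dc; Error = $err
    }
}
$results | Format-Table Domain, Reachable, DomainController, Error -AutoSize

$unreachable = @($results | Where-Object { -not $_.Reachable })
if ($isEnterpriseAdmin -and $unreachable.Count -eq 0) {
    'Every domain answered and Enterprise Admins is in the token: Setup /PrepareAllDomains is an option.'
} else {
    if (-not $isEnterpriseAdmin) { 'Enterprise Admins is not in the current token.' }
    foreach ($r in $unreachable) { "No domain controller found for $($r.Domain)." }
    'Prepare each domain with Setup /PrepareDomain:<FQDN of domain> from a location that can reach it.'
}
```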